Commit 0f832a56 authored by Vitali Tatarintev's avatar Vitali Tatarintev Committed by Peter Leitzen

Skip CSRF protection in Generic Alerts Endpoint

Public API endpoints doesn't need to have CSRF protection
parent 72e1c25a
...@@ -5,6 +5,7 @@ module Projects ...@@ -5,6 +5,7 @@ module Projects
class NotificationsController < Projects::ApplicationController class NotificationsController < Projects::ApplicationController
respond_to :json respond_to :json
skip_before_action :verify_authenticity_token
skip_before_action :project skip_before_action :project
prepend_before_action :repository, :project_without_auth prepend_before_action :repository, :project_without_auth
......
...@@ -10,6 +10,10 @@ describe Projects::Alerting::NotificationsController do ...@@ -10,6 +10,10 @@ describe Projects::Alerting::NotificationsController do
let(:service_response) { ServiceResponse.success } let(:service_response) { ServiceResponse.success }
let(:notify_service) { instance_double(Projects::Alerting::NotifyService, execute: service_response) } let(:notify_service) { instance_double(Projects::Alerting::NotifyService, execute: service_response) }
around do |example|
ForgeryProtection.with_forgery_protection { example.run }
end
before do before do
allow(Projects::Alerting::NotifyService).to receive(:new).and_return(notify_service) allow(Projects::Alerting::NotifyService).to receive(:new).and_return(notify_service)
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment